Implemented: FS#931 - Optional SSL for Web Interface

Author: tbrehm

install/dist/lib/fedora.lib.php

@@ -824,6 +824,12 @@ public function install_ispconfig()
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		wf("$vhost_conf_dir/ispconfig.vhost", $content);
 
 		//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");

install/dist/lib/gentoo.lib.php

@@ -699,6 +699,12 @@ public function install_ispconfig()
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		$vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
 		$this->write_config_file($vhost_path, $content);
 

install/dist/lib/opensuse.lib.php

@@ -633,8 +633,7 @@ public function configure_firewall()
   		unset($iptables_location);
 
 	}
-	
-	
+
 	public function install_ispconfig()
     {
 		global $conf;
@@ -838,6 +837,12 @@ public function install_ispconfig()
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		$content = str_replace('/var/www/', '/srv/www/', $content);
 
 		wf("$vhost_conf_dir/ispconfig.vhost", $content);

install/install.php

@@ -450,6 +450,10 @@
 		//** Customise the port ISPConfig runs on
 		$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080');
 
+		if(strtolower($inst->simple_query('Enable SSL for the ISPConfig web interface',array('y','n'),'y')) == 'y') {
+			$inst->make_ispconfig_ssl_cert();
+		}
+		
 		$inst->install_ispconfig_interface = true;
 
 	} else {

install/lib/install.lib.php

@@ -697,6 +697,24 @@ function get_ispconfig_port_number() {
 	}
 }
 
+/*
+* Get the port number of the ISPConfig controlpanel vhost
+*/
+
+function is_ispconfig_ssl_enabled() {
+	global $conf;
+	$ispconfig_vhost_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
+
+	if(is_file($ispconfig_vhost_file)) {
+		$tmp = file_get_contents($ispconfig_vhost_file);
+		if(stristr($tmp,'SSLCertificateFile')) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+
 
 
 ?>

install/lib/installer_base.lib.php

@@ -1166,6 +1166,25 @@ public function configure_apps_vhost() {
 		}
 
 	}
+	
+	public function make_ispconfig_ssl_cert() {
+		global $conf;
+		
+		$ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
+		$ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
+		$ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';
+		
+		if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");
+		
+		$ssl_pw = substr(md5(mt_rand()),0,6);
+		exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
+		exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
+		exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
+		exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
+		exec("mv $ssl_key_file $ssl_key_file.secure");
+		exec("mv $ssl_key_file.insecure $ssl_key_file");
+		
+	}
 
 	public function install_ispconfig() {
 		global $conf;
@@ -1395,6 +1414,12 @@ public function install_ispconfig() {
 		} else {
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
+		
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
 
 		wf("$vhost_conf_dir/ispconfig.vhost", $content);
 

install/tpl/apache_ispconfig.vhost.master

@@ -43,6 +43,10 @@ NameVirtualHost *:{vhost_port}
     SecRuleEngine Off
   </IfModule>
 
+  # SSL Configuration
+  {ssl_comment}SSLEngine On
+  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
+  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
 
 </VirtualHost>
 

install/update.php

@@ -308,6 +308,11 @@
 $ispconfig_port_number = get_ispconfig_port_number();
 $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number);
 
+// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n';
+if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('y','n'),'n')) == 'y') {
+	$inst->make_ispconfig_ssl_cert();
+}
+
 $inst->install_ispconfig();
 
 //** Configure Crontab